Key points
- DragonForce ransomware was deployed against a major U.S. services firm.
- Backdoor.Turn hid command-and-control traffic through Microsoft Teams relay infrastructure.
- The attackers used DLL sideloading with a malicious VirtualBox-related DLL for stealth.
- Multiple bring-your-own-vulnerable-driver (BYOVD) techniques were used to disable security tools and evade detection.
- The intrusion lasted for one to two months before ransomware was deployed.
Read More: https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor